General Development

C/C++ Encryption – spade89

spade89

Member

Posts: 561
From: houston,tx
Registered: 11-28-2006
hey people, for some reason lately i have been obssesed with encryption ,i am a big c++ fan and i thought i should start a thread where people could discuss encryption related stuff even if you don't know c++ i think encryption can be done in many languages so if you know anything related to encryption or if you don't and you want to spill it OUT...

^__^

------------------
Matthew(22:36-40)"Teacher, which is the greatest commandment in the Law?" Jesus replied: " 'Love the Lord your God with all your heart and with all your soul and with all your mind. This is the first and greatest commandment. And the second is like it: 'Love your neighbor as yourself.All the Law and the Prophets hang on these two commandments."
Whose Son Is the Christ

samw3

Member

Posts: 542
From: Toccoa, GA, USA
Registered: 08-15-2006
Here's what I know. There are two basic kinds of encryption

Pre-shared key encryption where the 'key' to unlock the document has already been negotiated. The most uncrackable form of encryption falls loosly into this category. More about that in a minute. But first, for example, your xor encryption is a PSK encryption routine. It does a fine job of encrypting the data, but there is not a way to "transmit" the key secretly.

Public key encryption, on the other hand, works like an unlocked padlock. You can hand someone the unlocked padlock(Public key) or even send it to them via an insecure courier and they can lock a box full of sensitive data with it. However, neither them nor anyone else can unlock the padlock.. only the recipient who has the key (Private key).

The majority of these type algorithms use some big math using some big prime numbers to create a formula that is nearly impossible to factor without a lot of cpus and a lot of time.

So, what's the uncrackable PSK method? Its called the OTP or One Time Pad.
Effectively it uses your xor algorithm with an very long random key... long enough to encrypt the whole message and still not use all the key data. Once that portion of the key is used, its thrown away and never used again. Decryption requires an exact copy of the pad at the receiving end where it is used and then tossed.

Supposedly, this is how quantum encryption would work. See http://en.wikipedia.org/wiki/Quantum_encryption if that piqued your curiosity.

Also see:
http://en.wikipedia.org/wiki/One-time_pad
http://en.wikipedia.org/wiki/Public_key

Once you've bent your brain on this.. Try information theory next

God bless!

------------------
Sam Washburn

AndyGeers

Member

Posts: 45
From: London, UK
Registered: 06-20-2005
Of course, the important thing about a good encryption algorithm is that the resulting output is statistically different (do I mean independent?) from the unencoded input. It's a well known fact that different letters of the alphabet occur more frequently than others (E being the most common). The simplest methods of encryption fall down because (if the text is long enough) you can just look for the most common letter and assume it's an E, then the second most letter and assume it's a... A?

Anyway, you need slightly more sophisticated methods than that to crack XOR encryption, but I seem to recall that it's still fairly feasible, building on the same techniques.

------------------
http://www.geero.net/

samw3

Member

Posts: 542
From: Toccoa, GA, USA
Registered: 08-15-2006
Very true. That's why OTP is considered uncrackable since you are ciphering against a completely random stream of characters with no repeats of the key, which should eliminate any statistical spikes from the corpus.

(I almost shouldn't say this, but) If you want to waste a LOT of time and are curious about statistically cracking cyphers check out the Kryptos--a sculpture located on the grounds of CIA Headquarters in Langley, Virginia. Installed in 1990, its thousands of characters contain encrypted messages, of which three have been solved (so far). Believe me, I spent way to much time tinkering with this.

http://www.elonka.com/kryptos/

------------------
Sam Washburn

spade89

Member

Posts: 561
From: houston,tx
Registered: 11-28-2006
hey, i heard about that kryptos thing outside cia on cnn weird i don't think a human could solve that one maybe a programme.

anyways i have been reading up on cryptograhy materials on the net,and i am a bit confused . i don't see the difference between publik key encryption and the one i made(XOR), except the public key of course you need a key to encrypt and decrypt them both,what's the difference?

on another topic if you know anything about cryptography can you tell me how much of math knowlege you need? i know the basic algebra linear equations...etc but i am not very good at math,how much is math needed in cryptography and how much knowlege of math do you think a programmer needs to know?

------------------
Matthew(22:36-40)"Teacher, which is the greatest commandment in the Law?" Jesus replied: " 'Love the Lord your God with all your heart and with all your soul and with all your mind. This is the first and greatest commandment. And the second is like it: 'Love your neighbor as yourself.All the Law and the Prophets hang on these two commandments."
Whose Son Is the Christ

samw3

Member

Posts: 542
From: Toccoa, GA, USA
Registered: 08-15-2006
The difference is exactly that--the two keys (passwords). The public key is used to encrypt. The private key is used to decrypt. You cannot use the public key to decrypt and you cannot use the private key to encrypt.

With public key you can freely transmit the public key (password) unencrypted over a very insecure channel and not worry about snoopers since they don't have the key to decrypt only to encrypt. And the final encrypted message can only be decrypted by the holder of the private key (password) which is never transmitted.

The problem with your xor method or any other PSK for that matter is that you have to get the password to the other party securely. This is not a problem if you yourself are the two parties, but take the example of SSL.

eCommerce sites want to encrypt your credit card data on checkout. But they don't know you from Adam. So, its not like they can call you on the phone and give you a password to encrypt the data. And even if they could someone might be tapping the phone line.

They need a solution where the encryption key can be transmitted in the clear without compromising the final encrypted message. Public key encryption solves this problem.

PSK encryption, on the other hand, tends to be a LOT stronger encryption. Its weakness though is the key negotiation. i.e. getting the password to the other party.

Got it now?

As for the math, the basic rules of public key encryption is based upon integer factorization which is the process of breaking down a non-prime number into smaller non-trivial divisors, which when multiplied together equal the original integer. You probably have learned about this in algebra.

As of late, no polynomial-time method for factoring large integers on a classical computer has yet been found, but it has not been proven that none exists.

So, the current methods of encryption exploit the very nature of numbers themselves in a mathematical science called number theory.

See: http://en.wikipedia.org/wiki/Number_theory

However, the heart of encryption still falls in the area of algorithm design more than math.

So, knowing algebra is fine. Knowing how to read calculus is better as you can study existing algorithms. And understanding number theory will also help in understanding current algorithms.

The holy grail of encryption is an algorithm where:
1. party A has never communicated with party B previously in any fashion
2. A and B negotiate a protocol in the presence of evil party C
3. A gives B an encrypted message that C intercepts
4. C cannot decrypt the message even if C has heard the whole conversation between A and B
5. B obviously should be able to decrypt the message
6. and to really top it off, C should be able to know the inner workings of the protocol and encryption algorithm and still not be able to crack the message.

------------------
Sam Washburn

jestermax

Member

Posts: 1064
From: Ontario, Canada
Registered: 06-21-2006
I haven't read all of the posts in this thread yet so forgive me if i'm redundant.
Anyways, if you're looking for something fun, check out steganography. its an absolute blast to play with, even if thats all you'll end up doing with it.

Live the Life

spade89

Member

Posts: 561
From: houston,tx
Registered: 11-28-2006
thanks for explaining that samw3 ,now i think i get public/private key encryption ,though i need to study code for rsa ,blowfish....

jestermax:
WOW,this is something everyone should check out,steganography is a real amazinag thing, the ability to hide data in images ,mp3's and other files is reall amazing.

http://en.wikipedia.org/wiki/Steganography

btw,do you think that the terrorists actually used this technique in 9/11?

------------------
Matthew(22:36-40)"Teacher, which is the greatest commandment in the Law?" Jesus replied: " 'Love the Lord your God with all your heart and with all your soul and with all your mind. This is the first and greatest commandment. And the second is like it: 'Love your neighbor as yourself.All the Law and the Prophets hang on these two commandments."
Whose Son Is the Christ

jestermax

Member

Posts: 1064
From: Ontario, Canada
Registered: 06-21-2006
well just think from a security standpoint; if i wanted to pass information on without anyone else even knowing its information then what would be the best way? if i send a standard encrypted message then you can tell it's encrypted, but if you send a picture, it could be anything!

so i can't actually say what they would have used, but if it were me i would've done something like that.

samw3

Member

Posts: 542
From: Toccoa, GA, USA
Registered: 08-15-2006
That would be a great tool for covert missionaries in restricted-access countries to send prayer requests home. I guess it would also be an equally evil tool of Al-Qaeda to coordinate terrorist attacks.

------------------
Sam Washburn

spade89

Member

Posts: 561
From: houston,tx
Registered: 11-28-2006
the power is amazing isn't it,i tried hiding the sourcecode for the example xor program in my last article(which is not being displayed by the ccn server)in the following picture and it worked .


it worked just fine, my code in this image is a legal and harmles program,what if it was the illegal kind of code,or what if it was a secret message from a terrorist???
or what if it was a message from a person taken hostage by terrorists??

the possibilities are endless.

btw ,i used the software at http://www.securekit.com/ ,it is a 7 day trial software,does anyone know a free one?
oh and i forgot incase you want to see the code inside this image the password is spade

------------------
Matthew(22:36-40)"Teacher, which is the greatest commandment in the Law?" Jesus replied: " 'Love the Lord your God with all your heart and with all your soul and with all your mind. This is the first and greatest commandment. And the second is like it: 'Love your neighbor as yourself.All the Law and the Prophets hang on these two commandments."
Whose Son Is the Christ

[This message has been edited by spade89 (edited January 19, 2007).]

jestermax

Member

Posts: 1064
From: Ontario, Canada
Registered: 06-21-2006
actually the more dangerous ones are the homebrewed. then noone can be sure of t. he algorithm used. and on top of that you're not limited to well known images; you could use a personal digital camera shot (aka noone else has access to the original).

Now the real fun: we've talked about terrorists using this, but try to thing of ways to counter this encryption...